def test_attack_continue(bn_model, bn_criterion, bn_images, bn_labels): attack1 = BlendedUniformNoiseAttack(bn_model, bn_criterion) advs1 = attack1(bn_images, bn_labels, unpack=False) attack = HopSkipJumpAttack(bn_model, bn_criterion) advs2 = attack( bn_images, bn_labels, iterations=21, log_every_n_steps=2, gamma=0.01, stepsize_search="geometric_progression", batch_size=128, initial_num_evals=200, max_num_evals=20000, verbose=True, individual_kwargs=[{ "starting_point": a.perturbed } for a in advs1], unpack=False, ) for adv1, adv2 in zip(advs1, advs2): assert adv2.perturbed is not None assert adv2.distance.value < np.inf assert adv2.distance.value < adv1.distance.value
def test_attack_continue(bn_adversarial): adv = bn_adversarial attack1 = BlendedUniformNoiseAttack() attack1(adv) d1 = adv.distance.value attack2 = HopSkipJumpAttack() attack2(adv, iterations=20, verbose=True) assert adv.perturbed is not None assert adv.distance.value < np.inf assert adv.distance.value < d1
def test_attack(bn_model, bn_criterion, bn_images, bn_labels): attack = HopSkipJumpAttack(bn_model, bn_criterion) advs = attack(bn_images, bn_labels, iterations=20, verbose=True, unpack=False) for adv in advs: assert adv.perturbed is not None assert adv.distance.value < np.inf
def test_attack_impossible(bn_model, bn_impossible_criterion, bn_images, bn_labels): attack = HopSkipJumpAttack(bn_model, bn_impossible_criterion) advs = attack(bn_images, bn_labels, iterations=20, verbose=False, unpack=False) for adv in advs: assert adv.perturbed is None
def test_attack_stepsize_gridsearch(bn_model, bn_criterion, bn_images, bn_labels): attack = HopSkipJumpAttack(bn_model, bn_criterion) advs = attack( bn_images, bn_labels, unpack=False, iterations=20, verbose=True, stepsize_search="grid_search", ) for adv in advs: assert adv.perturbed is not None assert adv.distance.value < np.inf
def test_attack_linf_targeted(bn_adversarial): adv = bn_adversarial attack = HopSkipJumpAttack(distance=Linf) o = adv.unperturbed np.random.seed(2) starting_point = np.random.uniform( 0, 1, size=o.shape).astype(o.dtype) attack( adv, iterations=21, starting_point=starting_point, log_every_n_steps=2, gamma=0.01, stepsize_search='grid_search', batch_size=128, initial_num_evals=200, max_num_evals=20000, verbose=True) assert adv.perturbed is not None assert adv.distance.value < np.inf
def test_attack_targeted(bn_model, bn_targeted_criterion, bn_images, bn_labels): np.random.seed(2) starting_point = np.random.uniform(0, 1, size=bn_images[0].shape).astype( bn_images.dtype) attack = HopSkipJumpAttack(bn_model, bn_targeted_criterion) advs = attack( bn_images, bn_labels, iterations=21, starting_point=starting_point, log_every_n_steps=2, gamma=0.01, stepsize_search="geometric_progression", batch_size=128, initial_num_evals=200, max_num_evals=20000, verbose=True, unpack=False, ) for adv in advs: assert adv.perturbed is not None assert adv.distance.value < np.inf
def test_attack_impossible(bn_impossible): adv = bn_impossible attack = HopSkipJumpAttack() attack(adv, iterations=200, verbose=True) assert adv.perturbed is None assert adv.distance.value == np.inf
def test_attack_gl(gl_bn_adversarial): adv = gl_bn_adversarial attack = HopSkipJumpAttack() attack(adv, iterations=200, verbose=True) assert adv.perturbed is not None assert adv.distance.value < np.inf
def test_attack_non_verbose(bn_adversarial): adv = bn_adversarial attack = HopSkipJumpAttack() attack(adv, iterations=20, verbose=False) assert adv.perturbed is not None assert adv.distance.value < np.inf